Add RHEL/CentOS 8 compatibility.

* Added "os_specific_packages" variable with a list of requarements for specific RHEL Linux versions.

* Added chronyd (ntp) service.
In RHEL Linux 8, the ntp package is no longer supported and it is implemented by the chronyd (a daemon that runs in user-space) which is provided in the chrony package.

* Added the glibc-langpack installation instead of generating a locales (for RHEL 8 only).
Variable: "glibc_langpack" in the RedHat.yml inventory file.

* Added disable postgresql module for RHEL 8.
The version of PostgreSQL available on CentOS 8 / RHEL 8 officially maintained modular repository is 10 and 9.6. We’ll add PostgreSQL Yum Repository (by default) which hosts all recent releases.

* Install pgbouncer package with the "--disablerepo AppStream" parameter. Since the AppStream repository (for today) does not have the required version of python-psycopg2. For RHEL 8 only.
Fixed dpendency roblem: package pgbouncer-1.12.0-1.rhel8.x86_64 requires python-psycopg2, but none of the providers can be installed.

Other:
* Fix parameters of the "package" module for HAProxy on RHEL Linux 8.
* Fix ansible-role-firewall: added a Boolean filter for disable-other-firewalls task.

Tested on CentOS Linux release 8.0.1905

Author: vitabaks

README.md

@@ -69,7 +69,7 @@ RedHat and Debian based distros (x86_64)
 - Ubuntu: 16.04
 - Debian: 8
 
-:white_check_mark: tested, works fine: `Debian 9/10, Ubuntu 18.04, CentOS 7.6`
+:white_check_mark: tested, works fine: `Debian 9/10, Ubuntu 18.04, CentOS 7.6/7.7/8.0`
 
 ###### PostgreSQL versions: 
 all supported PostgreSQL versions

roles/ansible-role-firewall/tasks/main.yml

@@ -64,4 +64,4 @@
     enabled: "{{ firewall_enabled_at_boot }}"
 
 - import_tasks: disable-other-firewalls.yml
-  when: firewall_disable_firewalld == "true" or firewall_disable_ufw == "true"
+  when: firewall_disable_firewalld|bool or firewall_disable_ufw|bool

tasks/haproxy.yml

@@ -49,8 +49,8 @@
     # RedHat os family version 8 (and higher)
     - name: haproxy | install HAProxy 1.8 package
       package:
-        name: "haproxy=1.8.*"
-        state: haproxy
+        name: haproxy
+        state: present
       when: ansible_distribution_major_version is version('8', '>=')
   environment: '{{ proxy_env | default({}) }}'
   when: ansible_os_family == "RedHat" and installation_method == "repo" and haproxy_installation_method == "rpm"

tasks/locales.yml

@@ -15,4 +15,13 @@
   command: localedef -c -i {{ item.language_country }} -f {{ item.encoding }} {{ item.language_country }}.{{ item.encoding }}
   changed_when: false
   loop: "{{ locales | flatten(1) }}"
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version != '8'
+
+  # RHEL 8
+- name: locales | install glibc-langpack
+  dnf:
+    name: "{{ item }}"
+  loop: "{{ glibc_langpack }}"
+  environment: '{{ proxy_env | default({}) }}'
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= '8'
+

tasks/ntp.yml

@@ -1,30 +1,59 @@
 ---
 
+# NTPd: Install and Configure
 - name: ntp | install package
   package:
     name: ntp
     state: present
   environment: '{{ proxy_env | default({}) }}'
+  when: ansible_os_family == "Debian" or (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7')
   tags: [ ntp_install, ntp ]
 
 - name: ntp | copy the ntp.conf template file
   template:
     src: ntp.conf.j2
     dest: /etc/ntp.conf
+  when: ansible_os_family == "Debian" or (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7')
   tags: [ ntp_conf, ntp ]
 
   # Debian
-- name: ntp | restart systemd service
+- name: ntp | restart ntp service
   systemd:
     name: ntp
     enabled: yes
     state: restarted
   when: ansible_os_family == "Debian"
+  tags: ntp
 
   # RedHat
-- name: ntp | restart systemd service
+- name: ntp | restart ntpd service
   systemd:
     name: ntpd
     enabled: yes
     state: restarted
-  when: ansible_os_family == "RedHat"
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version == '7'
+  tags: ntp
+
+# Chrony: Install and Configure (RHEL 8)
+- block:
+    - name: ntp | install chrony package
+      package:
+        name: chrony
+        state: present
+      environment: '{{ proxy_env | default({}) }}'
+      tags: ntp_install
+
+    - name: ntp | copy the chrony.conf template file
+      template:
+        src: chrony.conf.j2
+        dest: /etc/chrony.conf
+      tags: ntp_conf
+
+    - name: ntp | restart chrony service
+      systemd:
+        name: chronyd
+        enabled: yes
+        state: restarted
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= '8'
+  tags: ntp
+

tasks/packages.yml

@@ -37,29 +37,41 @@
 
 # PostgreSQL prepare for install (for Debian based only)
 - block:
-    - name: Install | ensure postgresql database-cluster manager package
+    - name: Install | PostgreSQL | ensure postgresql database-cluster manager package
       package:
         name: postgresql-common
         state: present
       environment: '{{ proxy_env | default({}) }}'
 
-    - name: disable initializing of a default postgresql cluster
+    - name: Install | PostgreSQL | disable initializing of a default postgresql cluster
       replace:
         path: /etc/postgresql-common/createcluster.conf
         replace: create_main_cluster = false
         regexp: ^#?create_main_cluster.*$
 
-    - name: disable log rotation with logrotate for postgresql (use logging_collector)
+    - name: Install | PostgreSQL | disable log rotation with logrotate for postgresql (use logging_collector)
       file:
         dest: /etc/logrotate.d/postgresql-common
         state: absent
   when: installation_method == "repo" and ansible_os_family == "Debian"
   tags: install_postgres
 
+# PostgreSQL prepare for install (for RHEL 8)
+- block:
+    - name: Install | PostgreSQL | disable postgresql module
+      shell: 'dnf -y module disable postgresql && dnf clean all'
+      args:
+        warn: false
+  environment: '{{ proxy_env | default({}) }}'
+  when: installation_method == "repo" and (proxy_env is defined and proxy_env | length > 0) and (ansible_os_family == "RedHat" and ansible_distribution_major_version >= '8')
+  ignore_errors: yes
+  tags: install_postgres
+
 # Install PostgreSQL from repository
 - name: Install | PostgreSQL packages
   package:
     name: "{{ item }}"
+    update_cache: yes
   loop: "{{ postgresql_packages }}"
   environment: '{{ proxy_env | default({}) }}'
   when: installation_method == "repo" and postgresql_exists != "true"

tasks/pgbouncer.yml

@@ -4,6 +4,16 @@
   package:
     name: pgbouncer
   environment: '{{ proxy_env | default({}) }}'
+  when: ansible_os_family == "Debian" or (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7')
+  tags: [ pgbouncer_install, pgbouncer ]
+
+# RHEL 8
+- name: PgBouncer | install package
+  dnf:
+    name: pgbouncer
+    disablerepo: AppStream
+  environment: '{{ proxy_env | default({}) }}'
+  when: ansible_os_family == "RedHat" and ansible_distribution_major_version >= '8'
   tags: [ pgbouncer_install, pgbouncer ]
 
 - name: PgBouncer | ensure config directory "{{ pgbouncer_conf_dir }}" exist

templates/chrony.conf.j2

@@ -0,0 +1,42 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+{% if ntp_servers is defined and ntp_servers | length > 0 %}
+{% for item in ntp_servers %}
+server {{ item }} iburst
+{% endfor %}
+{% endif %}
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+
+# Specify directory for log files.
+logdir /var/log/chrony
+
+# Select which information is logged.
+#log measurements statistics tracking

vars/RedHat.yml

@@ -24,19 +24,26 @@ install_epel_repo: 'true' # or 'false' (installed from the package "epel-release
 install_postgresql_repo: 'true' # or 'false' (installed from the package "pgdg-redhat-repo-latest.noarch.rpm" tasks/add-repository.yml)
 
 # Packages (for yum repo)
+os_specific_packages:
+  RedHat-7:
+    - python
+    - python-devel
+    - python-psycopg2
+    - python-setuptools
+    - libselinux-python
+    - libsemanage-python
+    - policycoreutils-python
+  RedHat-8:
+    - python3-libselinux
+    - python3-libsemanage
+    - python3-policycoreutils
 system_packages:
-  - python
-  - python-devel
-  - python-psycopg2
-  - python-setuptools
-  - libselinux-python
-  - libsemanage-python
-  - policycoreutils-python
-  - python36
-  - python36-devel
-  - python36-psycopg2
-  - python36-setuptools
-  - python36-pip
+  - python3
+  - python3-devel
+  - python3-psycopg2
+  - python3-setuptools
+  - python3-pip
+  - "{{ os_specific_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] }}"
   - curl
   - less
   - sudo
@@ -46,6 +53,13 @@ system_packages:
   - iptables
   - acl
 
+# The glibc-langpack package includes the basic information required to support the language in your applications.
+## for RHEL version 8 (only)
+glibc_langpack:
+  - "glibc-langpack-en"
+  - "glibc-langpack-ru" # optional
+#  - "glibc-langpack-de"
+
 postgresql_packages:
   - postgresql{{ postgresql_version_terse }}
   - postgresql{{ postgresql_version_terse }}-server

vars/main.yml

@@ -204,9 +204,11 @@ ntp_servers: []
 timezone: []
 #timezone: "Europe/Moscow"
 
+# Generate locale 
+## (except RHEL>=8,use glibc-langpack)
 locales:
   - { language_country: "en_US", encoding: "UTF-8" }
-  - { language_country: "ru_RU", encoding: "UTF-8" }
+  - { language_country: "ru_RU", encoding: "UTF-8" } # optional
 #  - { language_country: "", encoding: "" }